From f67029ce2af2f8870836d5bb908254d7fdbbe71b Mon Sep 17 00:00:00 2001
From: Quentin Dufour <quentin@deuxfleurs.fr>
Date: Tue, 1 Feb 2022 17:55:14 +0100
Subject: [PATCH] Improve testing conf + test CORS

---
 script/dev-bucket.sh  |  2 +-
 script/dev-cluster.sh |  3 ++-
 script/test-smoke.sh  | 26 +++++++++++++++++++++++---
 3 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/script/dev-bucket.sh b/script/dev-bucket.sh
index 0ce998a1..9bcf5bda 100755
--- a/script/dev-bucket.sh
+++ b/script/dev-bucket.sh
@@ -13,7 +13,7 @@ garage -c /tmp/config.1.toml bucket create eprouvette
 KEY_INFO=$(garage -c /tmp/config.1.toml key new --name opérateur)
 ACCESS_KEY=`echo $KEY_INFO|grep -Po 'GK[a-f0-9]+'`
 SECRET_KEY=`echo $KEY_INFO|grep -Po 'Secret key: [a-f0-9]+'|grep -Po '[a-f0-9]+$'`
-garage -c /tmp/config.1.toml bucket allow eprouvette --read --write --key $ACCESS_KEY
+garage -c /tmp/config.1.toml bucket allow eprouvette --read --write --owner --key $ACCESS_KEY
 echo "$ACCESS_KEY $SECRET_KEY" > /tmp/garage.s3
 
 echo "Bucket s3://eprouvette created. Credentials stored in /tmp/garage.s3."
diff --git a/script/dev-cluster.sh b/script/dev-cluster.sh
index c631d6c0..c1ffb355 100755
--- a/script/dev-cluster.sh
+++ b/script/dev-cluster.sh
@@ -38,10 +38,11 @@ rpc_secret = "$NETWORK_SECRET"
 [s3_api]
 api_bind_addr = "0.0.0.0:$((3910+$count))"	# the S3 API port, HTTP without TLS. Add a reverse proxy for the TLS part.
 s3_region = "garage"				# set this to anything. S3 API calls will fail if they are not made against the region set here.
+root_domain = ".s3.garage.localhost"
 
 [s3_web]
 bind_addr = "0.0.0.0:$((3920+$count))"
-root_domain = ".garage.tld"
+root_domain = ".web.garage.localhost"
 index = "index.html"
 EOF
 
diff --git a/script/test-smoke.sh b/script/test-smoke.sh
index e6f1c6ea..2dcd69ec 100755
--- a/script/test-smoke.sh
+++ b/script/test-smoke.sh
@@ -353,6 +353,26 @@ EOF
   rm /tmp/garage.test_multipart
   rm /tmp/garage.test_multipart_reference
   rm /tmp/garage.test_multipart_diff
+
+
+  echo "Test CORS endpoints"
+  garage -c /tmp/config.1.toml bucket website --allow eprouvette
+  aws s3api put-object --bucket eprouvette --key index.html
+  CORS='{"CORSRules":[{"AllowedHeaders":["*"],"AllowedMethods":["GET","PUT"],"AllowedOrigins":["*"]}]}'
+  aws s3api put-bucket-cors --bucket eprouvette --cors-configuration $CORS
+  [ `aws s3api get-bucket-cors --bucket eprouvette | jq -c` == $CORS ]
+
+  curl -s -i -H 'Origin: http://example.com' http://eprouvette.web.garage.localhost:3921 | grep access-control-allow-origin
+  curl -s -i -X OPTIONS -H 'Access-Control-Request-Method: PUT' -H 'Origin: http://example.com' http://eprouvette.web.garage.localhost:3921|grep access-control-allow-methods
+  curl -s -i -X OPTIONS -H 'Access-Control-Request-Method: DELETE' -H 'Origin: http://example.com' http://eprouvette.web.garage.localhost:3921 |grep '403 Forbidden'
+
+  #@TODO we may want to test the S3 endpoint but we need to handle authentication, which is way more complex.
+
+  aws s3api delete-bucket-cors --bucket eprouvette
+  ! [ -s `aws s3api get-bucket-cors --bucket eprouvette` ]
+  curl -s -i -X OPTIONS -H 'Access-Control-Request-Method: PUT' -H 'Origin: http://example.com' http://eprouvette.web.garage.localhost:3921|grep '403 Forbidden'
+  aws s3api delete-object --bucket eprouvette --key index.html
+  garage -c /tmp/config.1.toml bucket website --deny eprouvette
 fi
 
 rm /tmp/garage.{1..3}.{rnd,b64}
@@ -376,11 +396,11 @@ if [ -z "$SKIP_AWS" ]; then
   echo "🧪 Website Testing"
   echo "<h1>hello world</h1>" > /tmp/garage-index.html
   aws s3 cp /tmp/garage-index.html s3://eprouvette/index.html
-  [ `curl -s -o /dev/null -w "%{http_code}" --header "Host: eprouvette.garage.tld"  http://127.0.0.1:3921/ ` == 404 ]
+  [ `curl -s -o /dev/null -w "%{http_code}" --header "Host: eprouvette.web.garage.localhost"  http://127.0.0.1:3921/ ` == 404 ]
   garage -c /tmp/config.1.toml bucket website --allow eprouvette
-  [ `curl -s -o /dev/null -w "%{http_code}" --header "Host: eprouvette.garage.tld"  http://127.0.0.1:3921/ ` == 200 ]
+  [ `curl -s -o /dev/null -w "%{http_code}" --header "Host: eprouvette.web.garage.localhost"  http://127.0.0.1:3921/ ` == 200 ]
   garage -c /tmp/config.1.toml bucket website --deny eprouvette
-  [ `curl -s -o /dev/null -w "%{http_code}" --header "Host: eprouvette.garage.tld"  http://127.0.0.1:3921/ ` == 404 ]
+  [ `curl -s -o /dev/null -w "%{http_code}" --header "Host: eprouvette.web.garage.localhost"  http://127.0.0.1:3921/ ` == 404 ]
   aws s3 rm s3://eprouvette/index.html
   rm /tmp/garage-index.html
 fi